Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
xen.19021
CVE-2020-7211-qemut-slirp-potential-directory-t...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2020-7211-qemut-slirp-potential-directory-traversal-using-relative-paths.patch of Package xen.19021
tftp restricts relative or directory path access on Linux systems. Apply same restrictions on Windows systems too. It helps to avoid directory traversal issue. Fixes: https://bugs.launchpad.net/qemu/+bug/1812451Reported-by: default avatarPeter Maydell <peter.maydell@linaro.org> Signed-off-by: default avatarPrasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Samuel Thibault's avatarSamuel Thibault <samuel.thibault@ens-lyon.org> Message-Id: <20200113121431.156708-1-ppandit@redhat.com> Index: xen-4.7.6-testing/tools/qemu-xen-traditional-dir-remote/slirp/tftp.c =================================================================== --- xen-4.7.6-testing.orig/tools/qemu-xen-traditional-dir-remote/slirp/tftp.c +++ xen-4.7.6-testing/tools/qemu-xen-traditional-dir-remote/slirp/tftp.c @@ -326,9 +326,13 @@ static void tftp_handle_rrq(struct tftp_ /* do sanity checks on the filename */ - if ((spt->filename[0] != '/') - || (spt->filename[strlen((char *)spt->filename) - 1] == '/') - || strstr((char *)spt->filename, "/../")) { + if ( +#ifdef _WIN32 + strstr(spt->filename, "..\\") || + spt->filename[strlen(spt->filename) - 1] == '\\' || +#endif + strstr(spt->filename, "../") || + spt->filename[strlen(spt->filename) - 1] == '/') { tftp_send_error(spt, 2, "Access violation", tp); return; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor